Canada: Fintech At The Crossroads: Regulating The Revolution

Last Updated: July 22 2016
Article by Pat Forgione, Robert M. Scavone, Tayleigh Armstrong and Kelly Kan

Financial technology or "FinTech" -- using information and communications technology to better deliver financial services -- has undergone explosive growth in recent years. Technology spending by the Canadian financial sector is estimated to reach Cdn$14.8 billion by 2018.1 FinTech itself is nothing new, of course: from ATMs to online banking, financial institutions have been using technology to deliver services to end users for over 30 years. But what is new is the entry into the market place of the "disruptors" – both new technologies and new players – that promise to deliver a new user experience, especially to the younger demographic that grew up on smartphones and tablets.

FinTech is incredibly diverse and does not have clearly defined boundaries. It can include everything from conventional online banking to big data, peer-to-peer or marketplace lending, mobile payments, digital wallets, crowdfunding, robo-advice and applications of distributed ledger/blockchain technology. FinTech is both responding to and creating a demand for more efficient business models and a seamless user experience that may bypass traditional trusted intermediaries. Financial services once offered exclusively by bricks-and-mortar financial institutions are now being unbundled by emergent start-ups, and the traditional players are scrambling to maintain market share either alone or in partnership with dedicated FinTech firms. Both groups are using new technologies to deliver innovative financial services products directly to consumers.

As with many disruptors that encroach on areas once reserved for highly regulated industries (think Uber and airbnb) , FinTech poses many challenges to regulators struggling to strike the right balance between protecting end users and fostering innovation. The established players may argue that the new kids on the block aren't constrained by the same rules as the incumbents and may lobby regulators to level the playing field by imposing uniform regulation across the board. The new entrants may respond that regulatory compliance is costly and that too much regulation imposes unreasonable barriers to entry that protect vested interests and oligopolies and stifle competition and innovation. How much regulation is too much or too little?

In the coming years, we expect to hear heated debates around whether and how FinTech should be regulated and in particular how best to draft legislation that helps level the regulatory playing field without discouraging innovation and helps foster that innovation without sacrificing the safety and security of end users.

Issues in Regulation

One of the recurrent complaints from incumbents in this space is that FinTech start-ups are subject to less onerous regulation than traditional financial institutions, allowing the new entrants to employ faster go-to-market strategies and reach more customers. Federally regulated financial institutions, for example, must maintain minimum levels of regulatory capital and abide by a host of detailed prudential regulations that protect depositors and borrowers while FinTech start-ups face few of those constraints. The starting point for regulation is often the type of entity that provides a service rather than the service itself, meaning that two businesses offering similar services may be subject to widely different regulatory regimes. Banks that provide funds transfer services to their customers are subject to the registration and reporting requirements of the anti-money laundering legislation discussed below while services such as PayPal are not. Clearing members of Payments Canada that settle funds through the national cheque clearing system are subject to voluminous rules governing standards and finality of payment while operators of private retail payment networks such as Visa and MasterCard are governed largely by contract. A few years ago the Task Force for Payments Systems Review proposed that at the federal level all payments be regulated under a single system, without regard to the type of entity that facilitates the payment,2 and the Department of Finance more recently issued a consultation paper on the same theme.3 Should regulators take the same approach to the whole FinTech ecosystem?

FinTech regulators also face the difficult challenge of balancing the need to ensure the safety and soundness of the financial markets against the need to encourage further innovation that will allow Canadian FinTech businesses to become global competitors.

One specific area of concern is consumer and investor protection. FinTech companies are revolutionizing consumer banking and payments through alternative credit models that link lenders and borrowers directly, cut out the heavily regulated "middlemen" and apply sophisticated algorithms that can analyze the financial condition of prospective borrowers and deliver credit approvals in hours or even minutes rather than days. While this technology can speed up consumer lending, improve user experience and lower consumer costs, it raises some red flags as well. Happy with the slick and frictionless user interface, borrowing consumers may not be aware of the concerns that have been raised regarding cybersecurity and information privacy. Direct lenders may embrace the ease with which they can lend money out at attractive rates of return but not appreciate the risks of investing large sums of cash without the manifold protections mandated by securities regulations. Regulators must consider how best to guard consumer interests without stifling the innovations consumers desire.

An overview of the current regulatory landscape

There is currently no single Canadian FinTech regulator at either the federal or provincial level, nor any standard-setting technical bodies. The multidisciplinary nature of FinTech means that it is difficult to determine what should be regulated, and by whom. While there is no FinTech-specific regulation in Canada, some existing legislation does apply.

Information Security

Personal information and data security are huge concerns in the FinTech world and the growth of FinTech has significant cybersecurity implications. As FinTech products are increasingly embraced, both corporate and individual consumer financial information is at risk. Emerging tech companies are eager to jump into the financial services industry, but their security measures may be untested and insufficient. Some legislative protections do exist. Currently, businesses must comply with the federal Personal Information Protection and Electronic Documents Act or its provincial equivalents and Canada's Anti-Spam Legislation. However, some have expressed concerns that emergent FinTech companies may not be adequately equipped to deal with cybersecurity issues. The CEO of Toronto-Dominion Bank recently maintained that data breaches and solvency issues have "plagued" many new entrants, a claim hotly denied by the entrants themselves.4

Anti-Money Laundering

Canada's federal government has made significant strides in recent years to strengthen its anti-money laundering ("AML") regime in accordance with its international obligations. Because some FinTech transactions involving money transfers do not need to be made through financial institutions that are subject to AML laws, regulators have expressed some concern that such transactions could be used for money laundering without appropriate regulatory scrutiny. Some FinTech companies must comply with the registration, client identification and verification and transaction reporting requirements under the federal Proceeds of Crime (Money Laundering) and Terrorist Financing Act administered by the Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC"), Canada's financial intelligence unit. Many others, however, do not fall within any of the categories of entities required to report to FINTRAC.

Consumer and Investor Protection

Due to rapid go-to-market strategies, investors and FinTech users may not receive the same amount of information and disclosure as that provided by incumbent financial institutions. However, start-ups must comply with relevant securities laws when raising capital, and with provincial consumer protection law when offering consumer-oriented products, but may be unfamiliar with the complex rules in these areas or assume that they do not apply. A FinTech starting seeking to raise capital through on-line "crowd funding" may be faced with the expensive and time consuming task of preparing a prospectus to be filed under provincial securities law unless an exemption exists. Recently, the Ontario Securities Commission has adopted Multilateral Instrument 45-108, which provides an exemption for "crowd-funding" offerings of up to $1.5 million within a 12 month period in relatively small amounts ($2,500 for each non-accredited investor, up to $10,000 per investor in a calendar year), but the eligibility requirements are complex and may necessitate bringing hundreds of shareholders on board. The Commission has also warned on-line marketplace lenders that the investments they offer to prospective lenders may be regarded as "securities" for the purpose of securities legislation and accordingly attract onerous registration and prospectus requirements unless an exemption is available.5 Currently there are no exemptions specifically tailored to on-line lending.

In addition, each province has in place detailed requirements under consumer protection legislation mandating disclosure of the cost of borrowing (such as the "annual percentage rate") for consumer loans. These requirements apply to all lenders in this sector, not just financial institutions or finance companies as such. Any on-line lender making loans to consumers would be bound by these complex laws regardless of the electronic medium.

Third-Party Outsourcing Relationships

Building in-house tech solutions is expensive, increasingly pushing financial institutions to outsource their IT functions. With this, however, comes the danger of data leaks and the difficulty of engaging with companies that lack the tools to handle information responsibly. The federal Office of the Superintendant of Financial Institutions has issued guidelines6 on outsourcing business activities and functions for federally-regulated financial institutions, which provide that the entity retains ultimate accountability.

Next Steps in Regulation

While the FinTech regulatory ecosystem is still in its infancy, it won't stay that way for long. The Canadian government will soon be fostering innovation in existing and start-up companies, while remaining cognizant of their role in providing regulatory protection to end-consumers of FinTech products. Although regulatory compliance can be costly for companies, clarifying applicable legislation and who it applies to, may be useful in long-term. Online payment methods and anti-money laundering are just two of many areas where we are likely to see–or are already seeing– considerable development.


Consumers are increasingly turning to mobile apps and online platforms to transfer funds, transforming existing payment infrastructures. In Canada, consumers are protected by provincial consumer protection laws and by the policies and business practices of the company, but in the absence of federal regulation, provinces and services providers are inconsistent in their regulation. In the retail payment space, existing rules and regulation have focused on the nature of the provider (i.e., a federally regulated financial institution is subject to different regulations than to a non-financial institution) rather than on the service provided (e.g., both entities may hold or transfer funds on behalf of consumers). In a recent consultation paper Payments Canada noted that stakeholders have called for "organization-agnostic oversight rules, applied consistently based on activity" for the payments system.7 Adopting this recommendation may provide better protection for system participants and end users through enhanced consistency of rules, regardless of the service provider.

Anti-Money Laundering

A significant consideration for financial service regulators will be enhanced protection against money laundering risk. Because FinTech companies may not be directly regulated by traditional regulators, compliance with AML legislation may be inconsistent or non-existent. Many FinTech companies do not have the infrastructure in place or the requisite expertise to adequately investigate users and trace funds. With the increasing use of platforms that facilitate payments and movements of money with more speed and greater anonymity, FinTech companies and those using financial technology will likely come under greater scrutiny to ensure that they have taken adequate steps to mitigate . money laundering risk. It is critical that financial services providers understand the extent to which they are subject to AML regulation and how to comply.

On June 17, 2016 the federal Department of Finance released amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act that were published on June 29.8 The new regulations make material changes in the areas of client identification and verification, especially for clients who are not physically present, and the adoption of electronic signatures. These changes should make processes such as on-line customer onboarding faster, more seamless and much less dependent on paper documents, thereby fostering growth and innovation in the FinTech space. By the same token, they also serve as a reminder that FinTech companies are not flying under the regulatory radar.

Alternative Approaches to Regulation and Innovation: Sandboxes and Hubs

Some jurisdictions. notably the U.K., Australia and Singapore, have implemented an innovative approach to regulating FinTech service providers that could serve as a model for similar initiatives federally and provincially in Canada, known as the "regulatory sandbox".9 In this model, qualified entrants are permitted to offer innovative products and services to a select subset of end users to allow them to test the waters without fear of regulatory sanctions. Often regulators will issue no-action letters, confirming that the rules are suspended for a specified period. Once the start-up is established, it leaves the "sandbox" and complies with the general regulatory regime in the "real world".

The U.S. Office of the Comptroller of the Currency recently issued a white paper10 supporting reasonable financial innovation based on eight core principles. The Consumer Financial Protection Bureau proposed a "no-action letter" policy that bears some similarity to the regulatory sandbox approach. In the UK, the Government Chief Scientific Advisor has issued a FinTech Futures Report that makes 10 key recommendations for government to contribute to and support the evolution of FinTech.

Another promising approach that Canadian regulators might consider to adopt more widely is the "innovation hub" that offers start-ups dedicated teams to help them navigate the regulatory landscape and obtain the necessary approvals.

These novel approaches show that regulators can do more than apply the brakes to FinTech innovation; they can also put their feet to the accelerator.


1. MaRS & Information Venture Partners, "Ten Surprising Facts about Fintech in Canada", online: (

2. See Task for the Payment Systems Review, The Way We Pay: Transforming the Canadian Payments System, available here.

3. Balancing Oversight and Innovation in the Ways We Pay: A Consultation Paper (2015), available here.

4. Barbara Schechter, " Debate over regulating fintechs heats up in Canada and the U.S", Financial Post, March 31, 2016.

5. Ontario Securities Commission, News Release, "OSC Sets Out Expectations for Businesses Planning to Operate Peer-to-Peer Lending Websites" (19 June 2015), available here.

6. OSFI Guideline B-10, Outsourcing of Business Activities, Functions and Processes (Revised March 2009), available here.

7. Payments Canada, Developing a Vision for Canada's Payments Ecosystem, Draft for Consultation, April 20, 2016, p. 4.

8. Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2016 SOR/2016-153 June 17, 2016, available here.

9. For the U.K. example see the Financial Conduct Authority, "Regulatory Sandbox" (Nov. 2015) available here.

10. E.g. the Australian Securities & Investment Commission's Innovation Hub, details of which are available here.

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2016

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Pat Forgione
Robert M. Scavone
Tayleigh Armstrong
In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions